Latest news of the domain name industry

Recent Posts

Go here to help fight against coronavirus abuse

Kevin Murphy, March 26, 2020, Domain Tech

A coalition of over 1,000 security experts, domain name providers and others have got together to help coordinate efforts to combat abusive coronavirus-related domains.

A workspace on the collaboration platform Slack has been growing steadily since it was created a week ago, enabling technology professionals to exchange information about the alarming number of sites currently trying to take advantage of the pandemic.

You can join the channel via this link. Thanks to Theo Geurts of RealtimeRegister.com for passing it along.

The collection of chat rooms appears to have been created by Joshua Saxe, chief scientist at security software firm Sophos, March 19. There are currently 1,104 members.

There’s a channel devoted to malicious domains, which is being used to share statistical data and lists of bad and good coronavirus-related domains, among other things.

Across the workspace, a broad cross-section of interested parties is represented. Current members appear to come from security companies, governments, law enforcement, registries, registrars, ICANN, healthcare providers, and others.

It seems like a pretty good way for the technical members of the domain name industry to keep track of what’s going on during the current crisis, potentially helping them to put a stop to threats using domains they manage as they emerge.

More domain industry response to coronavirus

Kevin Murphy, March 18, 2020, Domain Registrars

It’s beginning to look like home-working has become the norm, rather than the exception, in the domain name industry.
Following on my post Monday, here are the latest companies and organizations to provide updates on their responses to the coronavirus pandemic.

  • ICANN has told its staff in Brussels, Geneva and Singapore to work from home, while recommending that its guys in Istanbul, LA and Washington DC do the same. Staff in Montevideo and Nairobi, where confirmed cases of the virus are pretty light, will carry on as normal for now. The edict will be in effect until March 31. One imagines there’s a good chance it could be renewed.
  • In the UK, Nominet said yesterday that it has “initiated home-working across all our teams from today” and expects “business as usual”. All in-person events through the end of May have been postponed.
  • In Ireland, registry IEDR said that it closed its offices in Dublin on Friday and may reopen March 30, pending further government guidance. Like other registries, IEDR said it’s already well-equipped for staff to work remotely.
  • Also in Ireland, registrar Blacknight Solutions tells me its team are also now working from home.
  • Canada-based registrar Tucows said: “On Sunday March 8, Tucows’ executive leadership announced that all employees who could conceivably work from home were encouraged to do so in the week that followed. On Monday, it looked like an overabundance of caution but by Thursday morning it seemed prescient.” While there is expected to be no impact to the registrar side of the house, the Ting Internet ISP arm has cancelled and rescheduled all home egineering visits, which obviously could cause customer disruption.
  • French registrar Gandi, operating under some of the world’s most stringent government guidelines, said yesterday its staff are naturally enough now all working from home.
  • Not strictly domain industry, but the World Intellectual Property Organization said yesterday it has limited access to its Geneva headquarters to only “essential” staff.
  • US-based registrar MarkMonitor said Monday it has implemented a remote-working regime for its staff.

Given how dog-bites-man such announcements have rapidly become, I doubt I’ll be following up this series of posts again, unless something truly extraordinary happens. It’s pretty safe to assume that before long almost everyone in the industry will be working from home.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.
Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.
In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.
In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.
Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.
The complaint is very similar to one filed against OnlineNIC (pdf) in October.
And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.
Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.
Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.
The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.
Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.
Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.
The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.

Watch: climate change denier on why she trusts .org more than .com

Kevin Murphy, February 10, 2020, Gossip

This isn’t news, but I found it amusing, irritating, and slightly confusing — a clip of a climate change denier rubbishing a scientific article because it appears on a .com domain rather than a .org.
The video below, featuring comedian Joe Rogan interviewing conservative political commentator Candace Owens, dates from May 2018, but I first came across it when it popped up on Reddit’s front page this morning.
In it, Rogan attempts to school Owens on why human-influenced climate change, which she believed is a liberal conspiracy, is a scientific fact. At one point, his producer pulls up an article from Scientific American, the respected, 174-year-old popular science magazine, which uses scientificamerican.com.
Owens responds:

What web site is this? .com though? That means it’s making money. I don’t trust that. If it was a .org I would probably take that, but this is just a random web site.


The argument has been made, in the ongoing controversy over .org’s sale to Ethos Capital, that .org domains carry a higher level of trust than other TLDs, through the mistaken belief that you need to be a not-for-profit in order to own one, but I think this is the first time I’ve ever heard that belief openly expressed in a widely-viewed forum by a public figure, albeit not a very bright one.
Confusingly, at around the 11.50 mark in the video, Owens starts banging on about how she doesn’t trust research conducted by “.orgs” such as mediamatters.org.
She appears to be someone who, in the age of fake news, pays attention to TLDs when deciding what is and isn’t true online. I can’t decide whether that’s an admirable quality or not. At least she has a filter, I guess.

Is the .co rebid biased toward Afilias? Yeah, kinda

Kevin Murphy, January 17, 2020, Domain Registries

The Colombian government has come under fire for opening up the .co registry contract for rebid in a way that seems predetermined to pick Afilias as the winner, displacing its fierce rival Neustar.
As I blogged in November, Colombia thinks it might be able to secure a better registry deal, so it plans to shortly open .co up to competitive proposals.
A company called .CO Internet, acquired by Neustar for $109 million in 2014, has been running the ccTLD for the last decade. There are currently around 2.3 million .co domains under management, according to Colombia.
With the renewal deadline looming, the government’s technology ministry, MinTIC, published an eyebrow-raising request for proposals last month.
What’s surprising about the RFP is that some of the four main technical performance criteria listed are so stringent that probably only two companies in the industry qualify — Verisign and Afilias, and so far Verisign has not been involved in the RFP process.
The companies that have been engaging with the government to date are Afilias, Neustar/.CO, Nominet, CentralNic and Donuts.
First, MinTIC wants a registry that’s had at least two million domains under management across its portfolio continuously for two years. All five registries qualify there.
Second, it wants a registry that’s been involved in the migration of a TLD of at least one million names, either as the gaining or losing back-end.
That immediately narrows the pack to just two of the five aforementioned registries — Neustar and Afilias.
Verisign would also qualify, if it’s in the bidding, but I suspect it’s not. Taking over .co would look like a “buy it to kill it” strategy, which would be horrible optics for the Colombian government.
There have only ever been three migrations over one million names, to my knowledge: the Verisign->Afilias .org transition of 2003, the Neustar->Afilias .au move of 2018, and last year’s Afilias->Neustar .in handover.
CentralNic, Nominet and Donuts have all moved numerous TLDs between back-ends, but with much smaller per-TLD domain volumes.
Third — and here’s the kicker — the successful .co bidder will have to show that it processes on average 25 million registry transactions — defined as “billable EPP (write) transactions, as well as all EPP search (read) transactions” — per day. (All of the RFP quotes in this post have been machine-translated from Spanish by Google and run by a few generous Spanish speakers for verification.)
The RFP is not entirely clear on what exact data points it’s looking at here, but my take is that qualifying transactions include, at an absolute minimum, attempts to create a domain, renew a domain, transfer a domain and check whether a domain is registered.
The vast majority of such transactions are in the check and create functions, and I believe a great deal of that activity relates to drop-catching, where registries are flooded with add requests for just-deleted domains.
Whichever way you split it, 25 million a day is a ludicrously high number. Literally only .com, which sees 2.3 billion checks and 1.5 billion adds per month, sees that kind of action.
According to Neustar, which actually runs .co, it only sees 6.4 million transactions per day on average. The requirement to handle 25 million a day is “exaggerated, unjustified and discriminatory” against Neustar, Neustar told MinTIC.
But the RFP allows for the bidding registries to spread their 25-million-a-day quota across all of the TLDs they manage, and this MAY sneak Afilias over the line.
I say MAY in big letters because I don’t believe the numbers that Afilias (and probably other registries too) reports to ICANN every month are reliable.
If you add up the reported, qualifying EPP transactions for September in Afilias’ top four legacy gTLDs — .org, .info, .mobi and .pro — you get to over 25 million per day.
But those same records show that, for example, .mobi, .pro and .info had exactly the same number of EPP availability checks that month — 215,988,497 each.
This is clearly bad data.
I reported on this issue last May, when ICANN’s Security and Stability Advisory Committee informed ICANN that major registries were providing “not reliable” or possibly “fabricated” data about port 43 Whois queries.
Afilias, which was one of the apparent offenders, told me at the time that it was addressing the issue with ICANN, but it does not yet appear to have fully fixed its reporting to enable TLD-by-TLD breakdowns of its registry activity.
It is of course quite possible, even very likely, that Afilias has on average more than 25 million qualifying EPP transactions per day, but how’s it going to prove that to the Colombian government when the numbers it reports under contract to ICANN are clearly unreliable?
It’s a little harder to determine whether Neustar would qualify under the 25-million transaction rule, because some of its largest zones are ccTLDs — .co, .in and .us — that do not publicly report this kind of data. Its comments to the RFP suggest it would not.
Numbers aside, I’ll note that there’s very probably an inherent bias towards legacy gTLD operators like Afilias and against relative newcomers such as CentralNic if you’re counting EPP transactions. As I noted above, a lot of these transactions are coming from drop-catch activity, which is more prevalent on larger, older TLDs where there are more dropping domains that are more likely to have existing backlinks and traffic.
The fourth technical requirement in the Colombian RFP that looks a bit fishy is the requirement that the new registry must have channel relationships with at least 10 of the largest 25 registrars, as listed by a web site called domainstate.com.
I can’t say I’ve looked at domainstate.com very often, if at all, but a quick look at its numbers for September strongly suggests to me that it does not count post-2012 new gTLD registrations in its registrar league table. One registrar with almost four million domains under management doesn’t even show up on the list. This arguably could give an advantage to a registry that plays strongly in legacy gTLDs.
That said, it’s probably an academic point — I don’t think any of the bidders for the .co contract would have difficulty showing that they have 10 of the top 25 registrars on board, whichever way you calculate that league table.
Cumulatively, these four technical hurdles have led some to suggest that Afilias has somehow steered MinTIC towards creating an RFP only it could win.
Apart from what I’ve discussed here, I’ve no evidence that is the case, and Afilias has not yet responded to my request for comment today.
Luckily for the bidding registries, the Columbian RFP has not yet been finalized. Comments submitted by the bidders and others are apparently going to be taken on board, so the barriers to entry for respondents could be lowered before bids are finally accepted.
MinTIC posted an update last night that extends the period that the RFP could run, and the transition period should Neustar lose the contract. A handover, should one happen at all, could now happen as late as February next year.

Ten years ago I predicted Oscar winners wanted a .movie gTLD. Was I right?

Kevin Murphy, January 14, 2020, Domain Registries

Almost 10 years ago, when DI was barely a month old, I looked at that year’s Oscar nominees and predicted that a .movie gTLD could find some demand in the movie industry. Was I right?
Of course I was. As regular readers know, I’m always right. Apart from those times I’m wrong.
In 2010, there was no .movie gTLD and no publicly announced applications, but I noted at the time that almost half of the 50 nominated movies that year included the word “movie” immediately before the dot.
This year, there were 52 nominated movies across all categories (I’m well aware that this is a pretty small sample size to draw any conclusions from, but this post is just a bit of fun) so one might reasonably expect there to be roughly 25 official sites using .movie domains among them.
There are not. Only nine of the films, including four of the nine Best Picture nominees, use freshly registered .movie domains for their official sites.
These include the likes of 1917.movie, thecave.movie, joker.movie, onceuponatimeinhollywood.movie and littlewomen.movie.
.movie, managed by Donuts, has been around since August 2015. It competes with Motion Picture Domain Registry’s .film, which was not used by any of this year’s Oscars hopefuls.
What about the rest of this year’s nominees? Did they all register fresh .com domains for their movies?
No. In fact, only 10 of the 52 movies appear to have registered new .com domains for their official sites — one more than .movie — including two of the Best Picture nominations.
These fresh .com regs include domains such as parasite-movie.com, richardjewellmovie.com, ilostmybodymovie.com, forsamafilm.com and breakthroughmovie.com.
One movie — Honeyland, a North Macedonian environmentalist documentary about bees — uses a .earth domain.
I discovered today that, rather brilliantly, the Japan-based .earth registry demands registrants “voluntarily pledge to become ambassadors for Earth and do away with actions that harm Earth and its inhabitants” in its Ts&Cs.
So, of the 52 nominated movies, only 20 opted to register a new domain for their official site — down from 24 in 2010 — and that business was split evenly between .com and new gTLDs.
Whether the movies opted for a .movie domain appears to depend in large part on the distributor.
Sony appears to be a bit of a fan of the gTLD, while Fox, Disney and Warner tend to use after-the-slash branding on their existing .com domains for their films’ official sites.
I tallied 17 movies that have their official sites on their distributor’s .com/.org domain.
There are also trends that I could not have predicted a decade ago, such as the rise of streaming services. Back in 2010, Netflix was still largely a DVD-delivery player and was not yet creating original content.
But this year, seven of the Oscar-nominated movies were made and/or distributed by Netflix, and as such the official web site is the same place you go to actually watch the film — netflix.com.
A few of the nominated animated shorts don’t need official sites either — you just head to YouTube to watch them for free.
There are currently only about 3,200 domains in the .movie zone file, about 1,200 fewer than rival .film. It renews at over $300 a year at retail, so it’s not cheaper than the alternatives by a long way.

DI Leaders Roundtable #4 — Big predictions for 2020

Hindsight is 2020, right? Not this time!
We’re rolling up to the end of the year, so for the fourth DI Leaders Roundtable I thought I’d task my panel of industry experts with the wholly original and unpredictable question:

What do you think will be the major trends or developments in the domain name industry in 2020?

I’m wonderfully happy to report that the panel grasped the opportunity with both hands and delivered an absolute smorgasbord (selection of open sandwiches) of informed opinion about how they reckon 2020 will play out.
From potential changes to security practices to ongoing consolidation to increased government regulation to the death of new gTLDs to the growth of new gTLDs, 2020 is certainly going to be a fun year to report on.
In no particular order, this is what they said:
Rick Schwartz, domain investor

Mugshot2020 is going to be just a fabulous year.
It comes down to two words: re-branding and upgrading.
Businesses that have gotten domains that may have not been prime to begin with want prime domains now to help them grow and be taken more seriously.
Businesses, especially global businesses that made the mistake of using non-dotcom domains, have realized their mistake and want to upgrade to a dotcom domain because of their own self-interest. They don’t care what domainers think! They only care about what they think and their bottom line, and in that regard they only have one choice and they all know it.
It’s mandatory if they want to grow and become part of the largest franchise ever known to mankind. The dotcom franchise.
If you add up all the net worth of every company on earth using the dotcom brand, the number is unfathomable.
As we go into the seventh year of the new gTLD experiment, they are meaningless. They haven’t been adopted by almost anybody. Circulation is poor. So many registrations are questionable or penny-promotional. The majority are parked and not in use nor will they ever be. And 99.9% of the people on this planet could not name a single one of them! Not a one!
The poor roll-out, poor marketing, poor circulation, questionable tactics and rolling out hundreds of extensions at one time was a death wish. A demolition derby as I have described and look at the HUNDREDS that are truly dying on the vine. They are not viable!
The registries themselves wanted the same result as dotcom but they smothered their own product by holding back anything they deemed to have any value whatsoever. They wanted the same result as dotcom but they certainly didn’t use the same playbook. There was no such thing as premium domains with Network Solutions. That was what gave life to the aftermarket.
They changed the recipe and it is what it is. Instead of replacing dotcom domains they should have marketed them as an on-ramp to their main dotcom website. That was a fatal choice.
Country-code extensions with dual purposes have outperformed all the new gTLDs put together.
.org has legs. Even .net domains seem to be in better shape than any of the new extensions.
According to NTLDStats.com there are 400 extensions with less than 20,000 registrations. Not viable! Over 300 of them have less than 10,000 and more than 200 have less than 5,000 and most of those have 2,000 or less.
On the other hand, there have been a lot of gimmicks used by the top 10 to gain HOLLOW registrations. Those 10 control 63% of all new gTLD registrations. Leaving the other 37% to be divided by over 500 other extensions. It’s laughable.
And when it comes to aftermarket sales, 2019 was worse than 2018 and 2017. Wrong direction for something that is supposed to be “emerging.”
According to TheDomains.com reported sales, of new gTLD’s are in a nosedive for 2019 vs 2018 and 2017. And most were done by registries themselves and not individual domain investors. Wrong direction!
2017
1,007 Total Sales
$5.2m Dollar Volume
$5,118 Average Price
$500.3k High Price
2018
1,490 Total Sales
$5.7m Dollar Volume
$3,847 Average Price
$510k High Price
2019
865 Total Sales
$3.4m Dollar Volume
$3,940 Average Price
$335k High Price
To me, 2020 is a year of total clarity. The experiment is over.
Get on board or get run over.

Sandeep Ramchamdani, CEO, Radix Registry
Mugshot

Within the new domains space, we will see a clear separation between the top 10 most popular extensions, and everything else. Many new TLDs have been able to jump volumes by operating at ultra-low prices. As the reality of renewals hit next year, the top TLDs by DUMs will more closely represent the most popular strings overall. Registrars will naturally tend towards focusing on these strings at the cost of everything else.
We will continue to see the normalization of new strings, as its visibility driven by legitimate end-user usage, rises. Our hope is that more registries play an active role in driving adoption by highly visible end-users and accelerate this evolution.

Jeff Neuman, Senior VP, Com Laude

MugshotLooking into my domain name industry crystal ball for 2020, I can see the continuation of some of the same activities, the start of some new debates, and even more maturation of the industry. Here are my views on three of the policy issues likely to be center-stage in 2020 (in no particular order).
Transitioning to a new Steady State of New TLDs.
OK, so the next round of new gTLDs will not open in 2020. However, there will be some real progress made towards the next round. The Subsequent Procedures PDP will complete its policy work on its review of the 2012 round and deliver it to the Council, who in turn will approve (hopefully) the policy work and submit to the Board.
The ICANN Board will put out the report for public comment and we will see those that oppose any new more new TLDs come back out of the woodwork to file the same type of comments reminiscent of 2009/2010. They will claim that more TLDs are not needed, we should not be moving too fast (despite nearly a decade between rounds), and that we should not be adding new TLDs until we solve DNS Abuse, Name Collision, WHOIS/SSAD/GDPR/RDAP/UAM, (insert your own issue), etc.
Despite the likely negativity from some, the community will realize that there is value to additional new gTLDs and maintaining a competitive landscape. There is still value in innovation, encouraging consumer choice and competition. The community will rise above the negativity to realize that many of the issues we experience in the industry are in fact related to the artificial scarcity of TLDs and that we need to continue to push forward towards completing one of the original missions of ICANN.
Rights Protection Mechanisms move to Phase 2.
Admittedly most of the community has not been paying attention to the Rights Protection Mechanisms (RPMs) Policy Development Process PDP. Currently it is working on Phase 1: Reviewing the RPMs introduced for the 2012 Round of New gTLDs. This work includes looking at the Trademark Clearinghouse, Sunrise Processes, the URS and the Trademark Claims process.
2020 may likely see the beginning of its second phase, the first ever review of the Uniform Dispute Resolution Policy (UDRP).
The UDRP was the first of ICANN’s Consensus Policies, and one that has been in place for more than to decades. Great care must be taken in the review of this policy which most will argue has been ICANN’s most successful policy in its relatively young history. The UDRP not only protects the intellectual property community by going after the bad faith registration and use of gTLD domains, but it also has been instrumental for registries and registrars to stay out of the middle of domain name disputes.
Prior to the UDRP, the one domain name registry/registrar was constantly in court defending itself against claims of contributory infringement and hoping that courts would not impose liability on it for allowing the registration of domain names by cybersquatters and not taking back names when notified about the abuse that was occurring on those names.
The passage of the UDRP drastically changed all of that. Registries and Registrars could extricate themselves from domain name disputes by referring the parties to the UDRP and agreeing to following/implementing the decisions. Courts agreed that following the UDRP served as a shield of liability for those registries and registrars that faithfully followed the policy. The bottom line in my view is that domain name registries and registrars need the UDRP as much as the IP Community.
The DNS Abuse Debate continues.
Although some progress has been made in defining and mitigating DNS Abuse with a number of registries and registrars signing a Framework to Address DNS Abuse, more discussions by the ICANN community will continue to take place both within and outside of ICANN. In my opinion, those registries and registrars that are serious of addressing true DNS abuse, will continue to educate the community on the already positive steps that they have been taking to combat phishing, pharming, malware, botnets, etc. as well a number of other non-DNS abuse issues (illegal pharmaceuticals, child exploitation, etc.).
Other groups will continue to press registries and registrars to do more to combat all sorts of other non-DNS forms of abuse, while others will strenuously argue that the more that is done, the more we threaten the civil liberties of domain name registrants. The community will realize that there is no right side or wrong side in this debate. Each side of those complicated debate is right.
Hopefully, a true sense of “multi-stakeholderism” will arise where domain name registries and registrars continue to mitigate abuse while disassociating themselves from those that are not as serious about combating abuse, ICANN will develop tools that will constructively assist with mitigating abuse (as opposed to focusing on contractual regulations), and the rest of the community will work on how to combat the growing problem without trampling on the rights of registrants. At the end of the day, all of us have a role in protecting end users on the Internet.
Note: I know the ePDP work on Universal Access will of course be ongoing, but I am sure others will give their thoughts on that. From a non-policy perspective, the domain name industry will continue to consolidate. We may very well see more registry/registrar combinations, registries purchasing other registries and private equity investment. We will see some more innovative uses of brand TLDs and others following suit.

Christa Taylor, CMO, MMX

Mugshot

  1. The predicted 2020 recession will reward agile organizations who embrace machine learning to enhance operational efficiencies, customer experiences and protect corporate profit margins. Naturally, organizations with high operating costs will be the hardest hit with impacts being felt in the second half of 2020.
  2. The potential recession combined with mounting pressures to increase efficiency will lead to a renewed focus on reaching niche markets to expand business.
  3. Protection and representation movement of identities will continue to gain strength and momentum in 2020 as more and more people recognize the importance of controlling their own personal data.
  4. Horizontal and vertical consolidation along with increased synergies will continue throughout the industry.
  5. The 4th industrial revolution (IoT, VR, AI, BC) will gather momentum and provide additional opportunities for the use of domain names.
  6. The next round of new gTLD applications will encounter unanticipated challenges causing delays.
  7. New gTLDs registrations will continue to grow in 2020.

Michele Neylon, CEO, Blacknight

MugshotI suspect we’ll see more consolidation across the domain and hosting space. Afilias will probably acquire a few more under-performing registry operators. Some will already be on their platform, while others will be using their competitors. CentralNic will continue to acquire companies that fit with their portfolio of services.
There’ll be more mergers and acquisitions across the hosting and domain registrar space with a small number of companies dominating most developed markets.
The PIR acquisition by Ethos Capital will close and the sky won’t fall. PIR will increase their wholesale price by a few percentage points which will upset domain investors. There’ll be increased calls on ICANN to take action, but these will be rebutted.
More country code operators will start using AI to combat abusive registrations. In some cases I suspect we’ll see more stringent registrant validation and verification policies being introduced, though many ccTLD operators will find it hard to balance maintaining new registration volumes while also increasing the overall “quality” of the registration base.
There’ll be an increase in internet shutdowns in less-developed democracies, while governments in Europe and elsewhere will increase pressure on social media companies to stop the spread of propaganda. Internet infrastructure companies will come under more pressure to deal with content issues.
As we enter a new decade the role of the internet in our daily lives, both business and personal will continue to grow.
The big challenges that lie ahead are going to be complex. Without increasing security there’s a tangible risk that consumers will lose trust in the system as a whole and governments will want to impose more regulations to ensure that. One of the challenges is going to be balancing those increased levels of security and consumer confidence while not stifling innovation.
It’s going to be a fun future!

Dave Piscitello, Partner, Interisle Consulting Group

MugshotExpect increased scrutiny of the domain registration business. Our study and others to follow will continue to expose enormous concentrations of abuse and criminal domain registrations at a small number of registrars.
Domains registered using bulk registration services will attract the most attention. We call these “burner domains”, because cybercriminals use these in a “register, use, and abandon” fashion that’s similar to how drug dealers use disposable or burner mobile phones.
Governments will become more insistent that ICANN does more than acknowledge their recommendations and then defer adoption. They will increase pressure to validate domain registration data and legitimate businesses will happily comply with the additional validation overhead because of the abuse mitigation benefits they’ll receive.
There’s a possibility that a government other than the EU will adopt a data protection regulation that exposes the flawed logic in the ill-conceived Temp Spec “one redaction fits all”. Having decided to “run with GDPR”, what will ICANN do when faced with a government that insists that email addresses be made public?
The governance model will also fall under scrutiny, as the “multi” in multi-stakeholder appears to be increasingly dominated by two stakeholder interests and public interest barely receives lip service.

Ben Crawford, CEO, CentralNic

Mugshot

  • There will be more creative ways to bake identity, cyber security, crime prevention and policing, and IP protection measures into domains and registration services
  • More registries will be auctioning their own deleting domains
  • Large tech firms, finance players and telcos will play and increasing role in the domain industry
  • Further consolidation of gTLDs as the bigger registry operators continue to acquire some of the smaller ones
  • More regulations impacting the domain name industry
  • Smart independents like .XYZ, Radix and .ICU (which went from zero to 4+ million DUMs in 18 months) will continue to dominate the nTLD space (without blowing $100m on the rights to their TLDs)

Jothan Frakes, Executive Director, Domain Name Association
Mugshot

Consolidation will continue — look for a lot of M&A activity and corporate development. Lots of moves and role changes with people changing companies as the consolidation occurs. With change comes great opportunity, and there will be a lot of change.
The industry is kicking off the year with oomph — the new location and format for NamesCon, billed as as the Domain Economic Forum in Austin. The event looks promising, as it begins refreshed and demonstrates the strengths of the team who produce Cloudfest. Austin, like Las Vegas, is a mecca for tech startups, but larger, so hopefully the convenience of the venue to the local tech companies, along with with GoDaddy demonstrating a heavier presence at the event this year will be a big lure to attract more new faces to this great industry (and event).
There will be more focus on making things easier for new customers to use and activate services on domain names. Cool technologies such as DomainConnect or other methods that enable “app store” type activation of domain names will continue to make it simpler for a domain name owner to activate, build and use their domains. This is a crucial evolutionary step in the business, as it plays a significant role in renewal rates and overall customer growth.
We’ll see further innovation in the use of domain names become more mainstream. IoT, GPS/Geo, AI, Bots, voice, AR/VR and other technologies will drive expanded use of domain names. Even Blockchain, which seems to have gotten more pragmatic about purpose, has a lot of promise with how it can interact with DNS now that the hype has scaled back and the designated drivers that remain are plowing forth with their efforts to deliver on the core purpose/benefits they set out to deliver.
Domains, as well as the cool things that you can do with them, will continue to be a growing business that enables people and organizations to build and do great things.

A very happy new year to all DI readers and supporters!

Q3 industry growth driven by .tk, .com and .icu

Kevin Murphy, December 20, 2019, Domain Registries

The domain name industry grew by 5.1 million names in the third quarter, according to the latest Domain Name Industry Brief from Verisign.
September ended with 359.8 million names across the board, the DNIB (pdf) shows.
Half of the growth came from Tokelau’s .tk, which is handed out for free by Freenom and is where domains never delete. It grew by 2.6 million names to 25.1 million in the quarter.
Next biggest grower was Verisign’s own .com, which grew by 1.5 million names to end September with an even 144 million. Its red-headed sibling, .net, lost 200,000 names over the same period and ended the quarter on 13.4 million.
Excluding .com and .tk leaves just one million names worth of net growth across the remainder of the industry, which comprises another 1,515 TLDs.
Taiwan’s .tw, which has been going through a bit of a spurt over the last year or so, added 300,000 domains, but .uk, which was a driver in Q2, was flat at 13.3 million.
New gTLDs grew by one million during the quarter, ending at 24 million, according to the DNIB.
That appears to have been driven almost entirely by ShortDot’s cheapo .icu, which has been flying off the shelves in China all year. Zone file records show it added over a million domains in Q3. It currently has 4.2 million names in its zone.
When these domains start to drop, it will likely be on a scale to materially affect the overall industry numbers in future DNIBs.

Warning (or threat?) prices must go up or .org will suffer DAYS of downtime

Kevin Murphy, December 18, 2019, Domain Registries

Public Interest Registry’s new commercial owner will have to raise domain prices significantly, or .org web sites will suffer over three days of downtime every year, one of its subcontractors has warned.
The claim came in a surprising, confusing letter (pdf) to ICANN’s top brass from Packet Clearing House, a major provider of DNS Anycast services.
PCH claims that Ethos Capital, which is in the process of buying PIR from the Internet Society for $1.135 billion, can only make a profit on the deal if it significantly ups the price of .org domains while simultaneously cutting infrastructure spending.
But its numbers don’t make a whole heck of a lot of sense to me, unless you interpret them as a threat to throw .org under a bus.
PCH is a non-profit company in the business, partly, of selling DNS Anycast services. This is the technology that allows domain names to be resolved by a server as close to the end user as possible, cutting down on internet travel time and load-balancing resolution across the world.
For 15 years, it has been providing such services to Afilias, which is the back-end registry services provider for .org and hundreds of other TLDs. Some of the money PIR makes selling .org domains therefore flows from PIR to Afilias to PCH.
While PCH is hardly a household name, even in the domain name industry (in almost 10 years, I’ve mentioned its name once), the letter, sent last week and published by ICANN last night, attempts to open the kimono a little to reveal how much it costs to reliably resolve a major gTLD.
According to PCH, “annual operational cost necessary to ensure the reliable and performant availability of .ORG” has grown from $11 million in 2004 to $30 million today.
Does that mean Afilias pays PCH $30 million a year to help resolve .org? No.
PCH says that in 2019, $1.3 million will come “indirectly from .ORG registration revenue”, with the remaining $29 million “met through tax-deductible contributions from PCH’s many donors”.
As a non-profit, PCH accepts donations from more than 30 listed sponsors, including Afilias and ICANN, as well as household names such as Amazon, Google and Netflix.
According to PCH’s letter, if .org is transferred into for-profit control, this $29 million will dry up. The letter states:

Under IRS tax law, tax-deductible donations to non-profits cannot accrue to the benefit of a for-profit. Therefore if .ORG is transferred to a for-profit entity, we cannot ask our donors to continue to subsidize its operation, 96% of .ORG’s current operational funding will disappear, and the reliability of its operation will sink from that of .COM and .NET to the least-common-denominator of commodity domains, which generally suffer several days of outage per year.

It estimates .org’s potential downtime at 3.12 days per year. It’s not saying that would happen in one big 72-hour chunk, but it still averages out at about 12 minutes per day
This amount of interruption would put PIR firmly on ICANN’s naughty step when it comes to the registry’s contractual uptime commitments — it has to provide 100% DNS service availability every month, under pain of losing its contract.
But why would those PCH contributions dry up?
Is PCH seriously saying that its donors are chucking in $29 million a year specifically to subsidize .org resolution services? Why on Earth would they do that, when .org brings in revenue of over $90 million per year and PIR only pays Afilias $18 million for registry services?
PCH provides Anycast for 243 gTLDs and 120 ccTLDs. The vast majority of these are managed by for-profit entities. There simply are not 243 non-profit gTLDs out there. Not even close.
In fact, most of the gTLDs PCH serves appear to be for-profit Afilias clients, including many dot-brands.
Goodness knows how PCH segments its income and expenditure, but it seems very likely that PCH’s donors are already financially helping to provide resolution services for commercial registries.
Could we interpret this letter as a threat to deliberately degrade .org’s performance, should the Ethos transaction go through? I’m not sure, but I think it’s a plausible read.
Regardless, we have to take PCH’s claims about the loss of sponsorship money at face value if we want to follow the rest of its calculations.

If the .ORG domain is sold for USD 1.135B, wholesale price and number of domains remain unchanged over the remaining nine years of the delegation (USD 900M gross), and operational reliability is maintained (at a cost of USD 270M), the buyer would take a net loss of USD 470M, or -6.33% CAGR. Private equity does not purposefully enter into loss-making deals. We may therefore conclude that the above scenario is not the intended outcome of the proposed sale.

That calculation seems to assume that PIR/Ethos/Afilias picks up the slack caused by the loss of the purported $29 million subsidy, rather than continuing to pay $1.3 million per year.
But PCH goes on to calculate that Ethos could make a profit on the acquisition only if it raises prices at over 10% a year AND refuses to chip in the missing $29 million.

If the .ORG domain is sold for USD 1.135B, prices are increased by 10% annually (USD 1.357B gross), and operational spending is slashed by 99%, (USD 2.7M), the buyer would make a net gain of USD 220M, or 1.99% CAGR, while increasing down-time to more than three days per year.
1.99% CAGR is not a return for which private equity would typically take this magnitude of risk. The unavoidable conclusion is that any private equity buyer who spends $1.135B to buy the .ORG domain must not only increase prices by more than 10% annually, but also cut operational costs to the minimum levels we see available at the low end of the market, with disastrous consequences for .ORG registrants and the public who depend upon them.

Again, all of these calculations appear to rely upon the notion that $29 million of voluntary donations from Amazon, Netflix, IBM, et al disappear when the acquisition is finalized.
It’s difficult to say how much PCH spends on its DNS infrastructure across the board, or how it accounts for its donations. The company does not make any financial information available on its web site.
Wikipedia reports, in an edit apparently made by PCH executive director Bill Woodcock, that the company had revenue of $251 million last year.
I assume the vast majority of that comes from and supports its primary business, which is building and maintaining internet exchange points around the world.
The only 990 tax return I could find for a “Packet Clearing House” in the San Francisco bay area shows an entity with barely $2 million of revenue in 2018.
To return to the letter, PCH concludes:

Three days per year of interrupted communications for millions of not-for-profit organizations would unacceptably damage the stability and functionality of the Internet, and more broadly of society globally.
We believe that stability and functionality should be central to any consideration by ICANN of change of control or contract modifications in relation to the .ORG TLD. As we demonstrate, the proposed transaction, or any financially-similar one, guarantees a disastrous effect on stability. Please do not approve it.

It’s a pretty shocking request, coming from an organization with a 15-year relationship with .org.
Perhaps PCH is concerned that PIR, under new management, will dump Afilias as back-end provider, leading to a loss of business for itself? Maybe, but that only appears to be a piddling $1.3 million out of a $251 million budget.
A more pressing question is arguably whether ICANN, which is currently probing ISOC and Ethos for additional information about the acquisition, finds PCH’s arguments persuasive.
ICANN has so far proved unresponsive to community concerns about pricing, but technical stability is its absolute raison d’etre. If there’s any risk at all that .org will start regularly missing its uptime targets, ICANN is duty bound to take those concerns seriously.

GoDaddy girls often make more money than the men

Kevin Murphy, December 12, 2019, Domain Registrars

Women in some roles at GoDaddy are making more money than their male counterparts, according to data released by the registrar today.
In technical positions in the US, female employees are making on average $1.03 for every $1 men make, GoDaddy said. Women in leadership positions make two cents more than men.
But women in non-techie, non-leadership jobs make a penny less than males, the company said.
“The 2019 global salary data shows that GoDaddy is paying men and women at parity across the company, when comparing men and women in like roles,” GoDaddy said.
The new data also shows that 29% of GoDaddy employees globally are female, which is the same as last year.
But the proportion of women in technical jobs decreased by two points to 17%.
Meanwhile, 36% of non-technical roles are staffed by women, up one point from 2018.
In the US, the female contingent was a little higher — 30% overall, 19% of techies and 37% of non-techies.
The male-female mix at GoDaddy appears to be in the same ballpark as what we generally see with attendance statistics coming out of ICANN meetings — roughly 70/30.
GoDaddy started publishing this data five years ago as part of a plan to foster diversity, reduce unconscious bias, and generally get away from its roguish foundational image as a company that flogged millions of domains with “GoDaddy Girls” — usually busty spokesmodels in skimpy clothing.